[GitHub] [geode] jmelchio commented on a change in pull request #7063: GEODE-9746: do not logout old subjects immediately when we get a new subject for the same uniqueId

[GitBox]

jmelchio commented on a change in pull request #7063:
URL: https://github.com/apache/geode/pull/7063#discussion_r740519610



##########
File path: 
geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientUserAuths.java
##########
@@ -38,7 +43,12 @@
       new ConcurrentHashMap<>();
   private final ConcurrentMap<String, UserAuthAttributes> cqNameVsUserAuth =
       new ConcurrentHashMap<>();
-  private final ConcurrentMap<Long, Subject> uniqueIdVsSubject = new 
ConcurrentHashMap<>();
+  // use a list to store all the subjects that's created for this user id
+  // it's observed that even in the non-expirable credential case, the will be 
multiple

Review comment:
       Assume `the` is meant to be `there`

##########
File path: 
geode-core/src/main/java/org/apache/geode/internal/cache/tier/sockets/ClientUserAuths.java
##########
@@ -52,17 +62,32 @@ public Long putUserAuth(UserAuthAttributes userAuthAttr) {
     return newId;
   }
 
-  public Long putSubject(Subject subject, long existingUniqueId) {
-    final Long newId;
+
+  public long putSubject(@NotNull Subject subject, long existingUniqueId) {
+    final long newId;
     if (existingUniqueId == 0 || existingUniqueId == NOT_A_USER_ID) {
       newId = getNextID();
     } else {
       newId = existingUniqueId;
     }
 
-    Subject oldSubject = uniqueIdVsSubject.put(newId, subject);
-    removeSubject(oldSubject);
-    logger.debug("Subject of {} added.", newId);
+    // we are saving all the subjects that's related to this uniqueId
+    // we cannot immediately log out the old subject of this userId because
+    // it might already be bound to another thread and doing operations. If
+    // we log out that subject immediately, that thread "authorize" would get 
null principal.
+    synchronized (this) {
+      CopyOnWriteArrayList<Subject> subjects;
+      if (!uniqueIdVsSubject.containsKey(newId)) {
+        logger.debug("Subject of {} added.", newId);
+        subjects = new CopyOnWriteArrayList<>();
+        uniqueIdVsSubject.put(newId, subjects);
+      } else {
+        logger.debug("Subject of {} replaced.", newId);
+        subjects = uniqueIdVsSubject.get(newId);
+      }
+      // always add the latest subject to the top of the list;
+      subjects.add(0, subject);

Review comment:
       > This will shift every element in the list, which could be costly. When 
adding a new subject, it makes a copy of the array. At the same time, the other 
thread could call `subjects.get(0)` and get the old subject before the new one 
is added.
   
   I think that `subjects.get(0)` is only invoked in a synchronized method 
which has the same lock scope as the `synchronized(this){}` block so that 
should prevent getting and putting to clash. 
   Maybe the `synchronized(this){}` block could be limited to encapsulate just 
the `subjects.add(0, subject);` statement?




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@geode.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org